Swift: Add tests of with* closure methods.

geoffw0 · geoffw0 · commit 63c71f0b779e · 2023-08-04T09:18:34.000+01:00
diff --git a/swift/ql/test/library-tests/dataflow/taint/libraries/int.swift b/swift/ql/test/library-tests/dataflow/taint/libraries/int.swift
@@ -0,0 +1,139 @@
+
+// --- stubs ---
+
+// --- tests ---
+
+func source() -> UInt8 { return 0; }
+func source2() -> Int { return 0; }
+func sink(arg: Any) {}
+
+func taintThroughClosurePointer() {
+  var myArray1: [UInt8] = [1, 2, 3, 4]
+
+  myArray1[0] = source()
+  sink(arg: myArray1)
+  sink(arg: myArray1[0]) // $ tainted=13
+  let return1 = myArray1.withUnsafeBytes({
+    ptr1 in
+    sink(arg: ptr1)
+    sink(arg: ptr1[0]) // $ MISSING: tainted=13
+    return source()
+  })
+  sink(arg: return1) // $ MISSING: tainted=20
+
+  // ---
+
+  var myArray2: [UInt8] = [1, 2, 3, 4]
+
+  myArray2[0] = source()
+  sink(arg: myArray2)
+  sink(arg: myArray2[0]) // $ tainted=28
+  let return2 = myArray2.withUnsafeBufferPointer({
+    ptr2 in
+    sink(arg: ptr2)
+    sink(arg: ptr2[0]) // $ MISSING: tainted=28
+    return source()
+  })
+  sink(arg: return2) // $ MISSING: tainted=35
+}
+
+func taintThroughMutablePointer() {
+  var myArray1: [UInt8] = [1, 2, 3, 4]
+
+  sink(arg: myArray1)
+  sink(arg: myArray1[0])
+  let return1 = myArray1.withUnsafeMutableBufferPointer({
+    buffer in
+    buffer.update(repeating: source())
+    sink(arg: buffer)
+    sink(arg: buffer[0]) // $ MISSING: tainted=47
+    sink(arg: buffer.baseAddress!.pointee) // $ MISSING: tainted=47
+    return source()
+  })
+  sink(arg: return1) // $ MISSING: tainted=47
+  sink(arg: myArray1)
+  sink(arg: myArray1[0]) // $ MISSING: tainted=47
+
+  // ---
+
+  var myArray2: [UInt8] = [1, 2, 3, 4]
+
+  sink(arg: myArray2)
+  sink(arg: myArray2[0])
+  let return2 = myArray2.withUnsafeMutableBufferPointer({
+    buffer in
+    buffer.baseAddress!.pointee = source()
+    sink(arg: buffer)
+    sink(arg: buffer[0]) // $ MISSING: tainted=65
+    sink(arg: buffer.baseAddress!.pointee) // $ MISSING: tainted=65
+    return source()
+  })
+  sink(arg: return2) // $ MISSING: tainted=65
+  sink(arg: myArray2)
+  sink(arg: myArray2[0]) // $ MISSING: tainted=65
+
+  // ---
+
+  var myArray3: [UInt8] = [1, 2, 3, 4]
+
+  sink(arg: myArray3)
+  sink(arg: myArray3[0])
+  let return3 = myArray3.withContiguousMutableStorageIfAvailable({
+    ptr in
+    ptr.update(repeating: source())
+    sink(arg: ptr)
+    sink(arg: ptr[0]) // $ MISSING: tainted=83
+    return source()
+  })
+  sink(arg: return3!) // $ MISSING: tainted=83
+  sink(arg: myArray3)
+  sink(arg: myArray3[0]) // $ MISSING: tainted=83
+
+  // ---
+
+  var myArray4: [UInt8] = [1, 2, 3, 4]
+  var myArray5: [UInt8] = [5, 6, 7, 8]
+
+  myArray5[0] = source()
+  sink(arg: myArray4)
+  sink(arg: myArray4[0])
+  sink(arg: myArray5)
+  sink(arg: myArray5[0]) // $ tainted=97
+  let return4 = myArray4.withUnsafeMutableBytes({
+    ptr4 in
+    let return5 = myArray5.withUnsafeBytes({
+      ptr5 in
+      sink(arg: ptr5)
+      sink(arg: ptr5[0]) // $ MISSING: tainted=97
+      ptr4.copyBytes(from: ptr5)
+      sink(arg: ptr4)
+      sink(arg: ptr4[0]) // $ MISSING: tainted=97
+      return source()
+    })
+    sink(arg: return5) // $ MISSING: tainted=111
+    return source()
+  })
+  sink(arg: return4) // $ MISSING: tainted=114
+  sink(arg: myArray4)
+  sink(arg: myArray4[0]) // $ MISSING: tainted=97
+  sink(arg: myArray5)
+  sink(arg: myArray5[0]) // $ tainted=97
+
+  // ---
+
+  var myMutableBuffer = UnsafeMutableBufferPointer<Int>.allocate(capacity: 1)
+  myMutableBuffer.initialize(repeating: 1)
+
+  sink(arg: myMutableBuffer)
+  sink(arg: myMutableBuffer[0])
+  let return6 = myMutableBuffer.withContiguousMutableStorageIfAvailable({
+    ptr in
+    ptr.update(repeating: source2())
+    sink(arg: ptr)
+    sink(arg: ptr[0]) // $ MISSING: tainted=131
+    return source()
+  })
+  sink(arg: return6!) // $ MISSING: tainted=134
+  sink(arg: myMutableBuffer)
+  sink(arg: myMutableBuffer[0]) // $ MISSING: tainted=131
+}
